Now you need JavaScript enabled to log into your Google account securely

Google has made a change to its account sign in process that means you now have to have JavaScript enabled.

The change, which has been introduced for Cybersecurity Awareness Month, is part of a security process which Google says protects you “before you even sign in”. While the vast majority of people will have JavaScript enabled, the new policy will still affect a number of users.

Google uses a JavaScript-based safeguard that runs a “risk assessment” and will “only allow the sign-in if nothing looks suspicious”. Without JavaScript, the checks cannot be run, and this is not something Google is happy to allow.

The company says:

Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off. This might make sense if you are reading static content, but we recommend that you keep Javascript on while signing into your Google Account so we can better protect you.

Google is also introducing more notifications so you will be aware if a site or app is granted access to your account. There’s also a new security process that’s triggered if potentially unauthorized activity is detected. Google says it will help users:

Verify critical security settings to help ensure your account isn’t vulnerable to additional attacks and that someone can’t access it via other means, like a recovery phone number or email address.
Secure your other accounts because your Google Account might be a gateway to accounts on other services and a hijacking can leave those vulnerable as well.
Check financial activity to see if any payment methods connected to your account, like a credit card or Google Pay, were abused.
Review content and files to see if any of your Gmail or Drive data was accessed or mis-used.